Ensure min/max days between password changes.

Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
root@DERVISHx 2023-11-02 16:39:57 +00:00
parent 0856639ab5
commit 9c12cc07b2
No known key found for this signature in database
GPG key ID: C68B144D8E6CCC46
3 changed files with 30 additions and 7 deletions


@ -28,11 +28,22 @@
- password
- rule_5.6.1.2
- name: "5.6.1.2 | PATCH | Set existing users"
ansible.builtin.shell: getent passwd | awk -F: '$3 >= {{ usr_min_uid}} { print "echo "$1";chage -m {{ min_days }} -M {{ min_days }}"$1}'
- name: "5.6.1.1/2 | PATCH | Set existing users with password rules"
block:
- name: "5.6.1.1/2 | AUDIT | Get existing users"
ansible.builtin.getent:
database: passwd
- name: "5.6.1.1/2 | PATCH | Update users higher than usr_min_uid"
ansible.builtin.user:
name: "{{ item }}"
password_expire_min: "{{ rhel9cis_pass['min_days'] }}"
password_expire_max: "{{ rhel9cis_pass['max_days'] }}"
loop: "{{ getent_passwd | dict2items | map(attribute='key') | list }}"
when: getent_passwd[item].1 | int >= usr_min_uid
when:
- rhel9cis_rule_5_6_1_2
- rhel9cis_rule_5_6_1_2_set_user
tags:
- level1-server
- level1-workstation